Results 1 to 6 of 6

Thread: remove cron from /var/log/auth.log

  1. #1
    Join Date
    Aug 2008
    Location
    Portland OR
    Beans
    68
    Distro
    Ubuntu Studio 9.10 Karmic Koala

    remove cron from /var/log/auth.log

    Every minute cron checks for something to do and my auth.log is filled with
    Code:
    Sep  2 23:52:01 LAMPP CRON[21487]: pam_unix(cron:session): session opened for user root by (uid=0)
    Sep  2 23:52:02 LAMPP CRON[21487]: pam_unix(cron:session): session closed for user root
    This makes my logs rather hard to read when I am looking for information logged by ssh.

    I know this isn't an intruder because you can only ssh into this computer from my my network and I would like my logs to be readable before I forward the port that ssh operates on.

    Is there any way to make this information from cron use a different log or not show up at all?

    Thanks in advance.
    Last edited by bboston7; September 3rd, 2009 at 08:57 AM.

  2. #2
    Join Date
    Jul 2009
    Location
    London
    Beans
    1,480
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: remove cron from /var/log/auth.log

    Hi,
    edit /etc/pam.d/cron (using sudo since you need to root privileges)
    and comment out the line:
    Code:
    @include common-session
    by prepending a #

  3. #3
    Join Date
    Aug 2008
    Location
    Portland OR
    Beans
    68
    Distro
    Ubuntu Studio 9.10 Karmic Koala

    Re: remove cron from /var/log/auth.log

    Worked like a charm. Thank you very much

  4. #4
    Join Date
    Mar 2008
    Location
    Estonia
    Beans
    62
    Distro
    Ubuntu

    Re: remove cron from /var/log/auth.log

    But what should I exclude from that list?
    /etc/pam.d/cron

    #
    # The PAM configuration file for the cron daemon
    #

    @include common-auth
    session required pam_env.so
    @include common-account
    @include common-session-noninteractive
    # Sets up user limits, please define limits for cron tasks
    # through /etc/security/limits.conf
    session required pam_limits.so

    Thanks,
    Martin
    Even thousand philosophers cannot answer for one man's stupid questions.

  5. #5
    Join Date
    May 2007
    Beans
    2
    Distro
    Hardy Heron (Ubuntu Development)

    Re: remove cron from /var/log/auth.log

    Don't touch /etc/pam.d/cron, just add the following line before the pam_unix.so call in /etc/pam.d/common-session-noninteractive:

    Code:
    session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid

  6. #6
    Join Date
    Mar 2008
    Location
    Canada
    Beans
    251
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: remove cron from /var/log/auth.log

    Thanks bio, that worked for me.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •